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DETAILED ACTION 

1. Claims 1, 2, 4-7, 9, 11-13, 15, and 17-20 remain for examination. The 
correspondence amended claims 1, 7 & 13; and cancelled claims 14 & 16. 

Response to Arguments 

2. Applicant's arguments filed 3/9/09 have been fully considered but they are not 
persuasive. Applicant argues: 

There are a number of important differences between the present invention and the 
manager and method disclosed in the cited P-synch document. One important difference 
between the instant invention and the "P-Synch" procedure is that the present invention 
is used by individual who want to change their own passwords on multiple remote 
applications, while the P-Synch procedure is used by system administrators to change 
passwords on multiple machines that are all part of one computer system. Another 
significant difference is that with the present invention, both current and past passwords 
are stored in the tool. 

Examiner disagrees with these assessments. With respect to the former 
argument, although P-Synch is operable in the fashion described by the Applicant 
above, it is not limited to this mode of operation. In point of fact, P-Synch discloses four 
separate modes of operation (see the first enumerated list of page 12), of which only 
one mode relies on administrators/help desk operators to function. Most tellingly, mode 
#1 explicitly and unequivocally discloses wherein the user changes the password via P- 
Synch's graphical user interface (either WWW or Win32; see also the definitions on 
page 9). As to the latter argument, Examiner reminds the Applicant that, technically 
speaking, the P-Synch tool does have storage for current passwords in at least its 
working memory or RAM (see page 169 as previously cited). This is evident because 
the very purpose of P-Synch is to login, on behalf of a given user, to each of said user's 
accounts on various remote computers and applications, and change the password to 
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the new password of the user's choosing. P-Synch thus needs the user's login 
information, including their current password(s), in order to function in the disclosed 
manner; and that consequently, one could plausibly construe the working memory in 
which the current password(s) is stored as "storage for current... passwords"). 
Nevertheless, Examiner has been giving Applicant the benefit of the doubt regarding 
what exactly the "storage" for current passwords may or may not comprise. 
Accordingly, the Mozilla reference was additionally cited to underscore the obviousness 
of the claim limitation, leading Applicant to respond: 

These features of the instant invention are also not shown in the Mozilla document. This 
reference discloses a password manager tool with storage for a user's current 
passwords. With the present invention, however, the tool stores both current and 
previous passwords. 

There are two different yet equally reasonable ways of rebutting this argument, 
depending on whether the web browser used in the WWW GUI embodiment of P-Synch 
can be said to be part of the overall P-Synch password management tool: 

1 ) If one takes the view that the web browser is part of P-Synch, then the claim is 
satisfied simply by using Mozilla to interact with the P-Synch server, as P-Synch clearly 
and unequivocally discloses storage for previous passwords (the password history 
database, as previously cited), while Mozilla includes a related password management 
tool for current passwords (as cited and admitted by the Applicant above). It is further 
noted that, although the claimed invention possesses storage for current passwords, at 
no point in any claim is there an actual recited use for said storage - it is simply enough 
that such be present to satisfy the claims. Thus, simply by substituting the Mozilla web 
browser, which comprises the [arguably] missing limitation, in lieu of the generic web 
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browser necessary to interact with the P-Synch server, that is sufficient to read on the 
claims, and the substitution would have yielded predictable results to one of ordinary 
skill in the art. Even if P-Synch were to have no use for the Mozilla browser's current 
password storage, it does not affect the claims because there is no requirement to 
actually use the recited current password storage area for any reason. 

2) If, on the other hand, one takes the view that the web browser is not part of P- 
Synch, then it is important to note that P-Synch's prohibition against storing current 
passwords (see page 60) specifically applies only to the storage area wherein the 
previous passwords are stored, as the prohibition against doing so is explicitly 
described as a security precaution (Ibid). Nevertheless, the Mozilla disclosure, 
subsequent to the publication of P-Synch, teaches that the idea of having a storage 
area for current passwords has utility in and of itself in that it allows a user to be able to 
login to various websites and the like without necessarily having to remember what their 
password is (page 6, 1 st and 2 nd paragraphs); it is further noted that Mozilla is cognizant 
of the security concerns inherent to such a storage area, and discloses wherein such an 
area can be protected with encryption (page 7, top paragraph). It is observed that P- 
Synch also recognizes this end result as a desirable objective (see page 19, third bullet 
point; and page 20, "2.3.3 Cost savings", first bullet point). Thus, if P-Synch were to 
obtain the current password from a storage area for a user's current passwords in order 
to login to a remote application on behalf of said user and reset the password for said 
user who had forgotten the current password to said remote application, then the 
invention would not be the result of innovation but of ordinary skill and common sense. 
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Claim Rejections - 35 USC § 103 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

4. Claims 1,2, 4-7, 9, 11-13, 15, and 17-20 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over the P-Synch Installation and Administration Guide (Software 
version 4.2, Document Version 4.50, last changed 6/1/2000; hereinafter "P-Synch") in 
view of "Using Privacy Features" web page (hereinafter, "Mozilla"). 

Regarding claim 1 : 

P-Synch discloses a tool for managing passwords, comprising: a password 
management facility (either the server-side P-Synch components of the WWW GUI, or 
the Win32 executable from the Win32 GUI: pages 12-15, including Figures 2.1 and 2.2) 
storing for a plurality of current passwords for a plurality of respective remote 
applications (password history, pages 33 & 34; various applications, both remote [e.g. 
"WWW apps"] and local at page 28, Table 3.1), and for each of said applications: a 
description of the application (page 27, "3.1.2 Target system information"), a description 
of the password type for the application (Ibid); previous passwords for the application 
(page 7, "Password history"), a Uniform Resource Locator for the application (page 27, 
"3.1 .2 Target system information"; cf. page 28, Table 3.1), executable code and 
parameters needed to change the password for the application (pages 167-169) and 
readable instructions for changing the password for the application (the "waitf or" 
instructions on page 1 71 ); means for displaying a reminder to change one or more 
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passwords (page 14, "Expiry detection and password aging"); and a script for simulating 
keystroke entries to automatically perform a password change in said respective 
applications for said current passwords of said reminder (Ibid, and pages 1 3-1 4 and 
167-172) wherein the tool displays a list of the passwords, a description of the computer 
applications, a description of the procedure for changing the password, and a graphical 
user interface (pages 13-15, "WWW GUI" and "Windows GUI"; pages 54-55, "HOST 
statement" and Table 4.1 ; pages 69-70, disclosing the means by which this information 
is displayed; pages 246-247, Tables 8.6 and 8.7; while further observing that as the 
scripts are by definition a description of the procedure for changing the password, the 
ability to display the scripts for at least the purpose of editing them reads on that 
limitation); and a user uses the graphical user interface to invoke at the password 
management facility, all the scripts needed to change all of the plurality of passwords for 
all of the remote applications via the password management facility (pages 13-15, 
"WWW GUI" and "Windows GUI"), and the script tests proposed new passwords to 
determine if said proposed new passwords meet a defined criteria, and the script 
changes a password only if the proposed new password meets the defined criteria 
(page 7, "Password strength rules"; page 11, "Enforcing strong password rules..."); and 
the tool having multiple degrees of security so that different users have different types of 
access to the tool (Help-desk users vs. end-users: see page 1 1 , the third and fourth 
bullet points; see also users vs. administrators on page 169). 

It is observed that the password storage area for holding previous passwords 
cited above is not used to store current passwords (page 60), although this is not to say 
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that current passwords cannot be stored somewhere within the P-Synch tool, as 
knowledge of a current password is still required for the P-Synch scripts to function 
correctly (e.g. page 127, "Verify" bullet point, and page 169, "%o" the user's old 
password). However, it is observed that at least one embodiment of P-Synch is a web 
application, wherein a WWW browser is a required component of the overall P-Synch 
tool to change one's passwords on the web (e.g. page 13, "WWW GUI"). Mozilla 
discloses the existence of a web browser comprising a password manager tool with 
storage for a user's current passwords, as well as the ability to view them (Mozilla, 
pages 5-8, "Using the Password Manager". It would have been obvious to one of 
ordinary skill in the art at the time of the invention to use the Mozilla web browser with 
the Password Manager component as the web browser component of the P-Synch tool, 
as the substitution of the Mozilla web browser in lieu of the generic web browser 
disclosed by P-Synch would have yielded predictable results to one of ordinary skill in 
the art at the time of the invention. Additionally (or alternatively), one would be 
motivated to incorporate storage for current passwords into P-Synch proper because 
Mozilla discloses wherein doing so facilitates subsequent logins to one's preferred web 
sites (page 7, "Entering User Names and Passwords Automatically"), and furthermore is 
conducive to helping forgetful users recover their password(s) (page 6, top paragraphs). 

Regarding claims 7 and 13: 

P-Synch discloses a method and program storage device comprising: 
accumulating a set of passwords in a password management facility, each of said 
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passwords being associated with a remote computer application having a password 
change procedure (pages 13-15, "2.2.1 User Password Changes", observing that the 
passwords are changed on computers other than the user's in Figures 2.1 and 2.2); 
storing in the password management facility, for each of said applications: a description 
of the application (page 27, "3.1 .2 Target system information"), a description of the 
password type for the application (Ibid); previous passwords for the application (page 7, 
"Password history"), a Uniform Resource Locator for the application (page 27, "3.1.2. 
Target system information"; cf. page 28, Table 3.1), executable code and parameters 
needed to change the password for the application (pages 167-169) and readable 
instructions for changing the password for the application (the "waitfor" instructions 
on page 171 ); means for displaying a reminder to change one or more passwords (page 
14, "Expiry detection and password aging"); providing the password management 
facility with a set of scripts to operate the password change procedures of the 
associated applications (pages 13-15) by simulating keystroke entries (e.g. pages 167- 
172); and a user invoking the password management facility (Ibid: "With a WWW GUI, 
users change their passwords from their browser", etc.), said facility, when invoked, 
displaying a list of the passwords, a description of the computer applications, a 
description of a procedure for changing the password, and a graphical user interface 
(pages 13-15, "WWW GUI" and "Windows GUI"; pages 54-55, "HOST statement" and 
Table 4.1; pages 69-70, the means to display the information; pages 246-247, Tables 
8.6 and 8.7; while further observing that as the scripts are by definition a description of 
the procedure for changing the password, the ability to display the scripts for at least the 
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purpose of editing them reads on that limitation); and a user using said graphical user 
interface to invoke or activate at the password management facility, all the scripts 
needed to change all of the plurality of passwords for all of the remote applications via 
the password management facility (pages 13-15, Ibid), including the steps of the scripts 
testing proposed new passwords to determine if said proposed new passwords meet a 
defined criteria, and the scripts changing a password only if the proposed new 
password meets the defined criteria (page 7, "Password strength rules"; page 1 1 , 
"Enforcing strong password rules...") and the password management facility having 
multiple degrees of security so that different users have different types of access to the 
tool (Help-desk users vs. end-users: see page 1 1 , the third and fourth bullet points; see 
also users vs. administrators on page 169). 

It is observed that the password storage area for holding previous passwords 
cited above is not used to store current passwords (page 60), although this is not to say 
that current passwords cannot be stored somewhere within the P-Synch system, as 
knowledge of a current password is still required for the P-Synch scripts to function 
correctly (e.g. page 127, "Verify" bullet point; and page 169, "%o" the user's old 
password). However, it is observed that at least one embodiment of P-Synch is a web 
application, wherein a WWW browser is a required component of the overall P-Synch 
tool to change one's passwords on the web (e.g. page 13, "WWW GUI"). Mozilla 
discloses the existence of a web browser comprising a password manager tool with 
storage for a user's current passwords, as well as the ability to view them (Mozilla, 
pages 5-8, "Using the Password Manager". It would have been obvious to one of 
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ordinary skill in the art at the time of the invention to use the Mozilla web browser with 
the Password Manager component as the web browser component of the P-Synch 
system, as the substitution of the Mozilla web browser in lieu of the generic web 
browser disclosed by P-Synch would have yielded predictable results to one of ordinary 
skill in the art at the time of the invention. Additionally (or alternatively), one would be 
motivated to incorporate storage for current passwords into P-Synch proper because 
Mozilla discloses wherein doing so facilitates subsequent logins to one's preferred web 
sites (page 7, "Entering User Names and Passwords Automatically") and furthermore is 
conducive to helping forgetful users recover their password(s) (page 6, top paragraphs). 



Regarding claims 2,11, and 1 7: 

P-Synch further discloses wherein the applications are selected from the group 
including workstation applications, legacy host applications, server applications, and 
networked applications (Table 3.1 on page 28). 

Regarding claims 4, 9, and 15: 

P-Synch further discloses wherein the graphical user interface includes a series 
of activatable display elements, each display element being shown adjacent to one of 
the passwords to invoke script for changing said one password (pages 13-15). 
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Regarding claim 5: 

P-Synch further discloses wherein at least some of the applications include a 
password change form and require a series of actions to get to the password change 
form, and the script includes means to perform said series of actions to get to the 
password change form (e.g. the sample script on pages 192-193). 

Regarding claims 6, 12, and 18: 

P-Synch and Mozilla both disclose wherein the passwords are encrypted in said 
storage (P-Synch: pages 33 and 34, bullet point "hist\"; Mozilla: page 12). 

Regarding claim 19: 

P-Synch further discloses wherein the defined criteria are based on data from a 
user table (the user's password history table, pages 33 and 34). 

Regarding claim 20: 

P-Synch further discloses displaying user prompts to obtain information from the 
user when a script or code is invoked to change one of the passwords (pages 13-15); 
encrypting all of the data stored in the facility (pages 33 & 34, bullet point "hist\"; cf. 
pages 346-347); the script, based on a user identification, queries an employee table to 
determine an employee class associated with the user identification (page 207); and 
said criteria include [i] a proposed new password differs from a current password by a 
given number of characters (page 59, see the rule designated "mincharschanged=N") 
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[ii] criteria based on data from user tables, user profile tables, and user history tables 
(page 7, "Password history"; page 36, line item #6; page 224, "End-user interface"); [iii] 
the user belongs to a certain class of employees (pages 35-36, and 207); and [iv] the 
proposed password must contain a number of alphabet characters, a number of 
numeric characters, and a number of punctuation characters (the minletters = n, 
mindigits = n, and minpunctuation = n requirements, respectively, page 59). 

Conclusion 

5. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas Gyorfi whose telephone number is (571)272- 
3849. The examiner can normally be reached on 8:30am - 5:00pm Monday - Friday. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571 ) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

TAG 

4/3/09 
/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



